Security Flaw Dubbed ‘Demonic’ Discovered in MetaMask and Phantom Wallets

By José Oramas June 17, 2022 In Crypto Wallets, MetaMask

In a classic case of “the devil is in the detail”, security researchers from Halborn have discovered a security flaw dubbed ‘Demonic’ in MetaMask and Phantom wallets.

Do Not Import Wallets Using Unencrypted Computers

According to researchers, when users imported a web extension wallet using their seed phrases via an unencrypted computer, their assets could be at risk if a hacker managed to get access to their hard drives.

These attacks are known as ‘key-finding’ or ‘key-search’ attacks, in which attackers use cryptography to decrypt messages on computer systems and gain access to them, leaving users’ systems exposed to the attackers.

Vulnerability Patched Up

The Demonic vulnerability only affects users with web extension wallets including MetaMask, Phantom, Brave, and XDefi wallets, while mobile users and anyone with fully-encrypted hard drives remain unaffected.


According to researchers, all wallets have now patched the security flaw. MetaMask updated its wallet with version 10.11.3, while Phantom is rolling out a new update for its wallet next week.

After the security flaw was discovered, MetaMask awarded Halborn US$50,000, while Phantom hired Oussama Amri, the employee who found the vulnerability.

MetaMask Can’t Catch a Break

MetaMask seems to be constantly in the headlines when it comes to security protocols and users’ safety. A month ago, Crypto News Australia reported that the Ethereum-based wallet had issued a phishing attack security alert for iPhone users, warning that their assets could be at risk from an iCloud-related phishing scam.

After all, the number one rule in crypto is to never give your private key or seed phrase to anyone, and never connect it to a website or app you don’t recognise, or you could end up like Dallas2626, a MetaMask user who lost US$10,000 to a scammer on Discord using a fake WalletConnect app.

José is a journalist and translator with a keen interest in blockchain and cryptocurrencies.
